Hi list, This is my first post
What do you think about that?, can be good or is a waste of time? "" - The problem: Many sites at TOR network have multiple mirrors for support their user load. When connecting to one of these mirror sites we can have the following question: Is this the right place or is a service impersonation? - My proposal: The client who wants to verify if a service is fake or real can download the PGP key of the service and send a challenge to a port of the service. The challenge is a simple string defined by the client and the server must respond with the same string with a valid GPG signature to identify himself "" Some code (work in progress): https://github.com/arrase/TOR-Hidden-Service-Verification -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk